How to secure your Wordpress Blog from Brute Force attacks?
Securing Wordpress Site from Hacking Attempts
A major concern of majority of Wordpress users is the safety of their sites. Wordpress is a much liked platform for Blogging as it is SEO friendly. However, Wordpress sites also are more vulnerable to hacker attacks. No matter how much effort you have put to secure your site, there are evil guys around waiting to steal your site. These guys are masters in their trade. They are so smart that an ordinary Blogger may not even come to know even after being hacked. As the popular saying goes, prevention is better than cure. Rather than putting your sites to risk and then spending time and money in recovering the sites, it’s worth putting some efforts to ensure the security of your sites.
Over 30,000 Wordpress sites have already been hacked and taken control over by the bad guys. The Hackers may use these sites to send spam emails, crash servers, make money, plant further virus and so much more. For the past one month or so, brute force attacks have increased to a considerable extent. Thousands of Bloggers have lost their sites, personal details compromised and even lost their hosting accounts. Just because, you have not been hit does not mean that you are safe. Even if you manage to survive the hacking attempts, you may still end up paying an extra traffic bill to your Hosting Company because of their numerous attempts to break into your website or blog. Though you may not be able to make your Wordpress sites 100% hacker proof, you can certainly reduce the chances of the sites getting hacked. This can be done by hiding the WordPress installation from hackers.
My first Wordpress site got hacked and some malicious code was installed by the hackers within 3 months of starting it. One day I found my hosting account suspended and I could not log in to my site. When I contacted the hosting company, they treated me as if I am some criminal. However, they helped me recover my domain to the starting state, but all my data was lost. I had written over 90 blog posts and did not have any backup. The Hosting Company further warned me that in the event of it happening again, I would lose the hosting account. I never felt insulted that much in my whole life and decided that I need to take steps to secure my domains. I read all stuff I could get on Wordpress Security and even got many Premium Plugins to protect my blogs. My efforts paid off, and I managed to reduce the internet footprints to prevent brute force attacks from hackers. The hackers are a smart lot and may come up with new ways of breaking into sites, so it is worth taking precautions to stop them on their track. If you have an online Wordpress sites empire or manage Wordpress based clients sites, you need to take steps to protect your sites.
How to protect your Wordpress Site from Hackers?
Do you want to secure your Wordpress Sites from Hackers? Given below are some steps you can take to ensure the security of your sites.
- Keep your Computer clean: It is advisable that you have a private connection. Try not access your site from public computers. Make sure you run a virus scan on your own computer to ensure that it is clean at all times. Most hackers try to infect your computer with malicious viruses first. I advise a combination of Kaspersky Internet Security and Malwarebytes Anti-malware PRO version.
- Reliable Web Hosting: Get the hosting account for your Wordpress sites from reliable hosting companies like Blue Host.
- Have strong user name and passwords: Your password and user name should be in a combination of capital letters, small letters, numbers and symbols. Avoid user names like Admin, user, 1, administrator and manager that are quite easy to guess. However, if you happen to have such a username you can add a new secure user with a strong password and user name and then delete the old user. For this, under users in your admin panel click on add a new user. Make sure that the user name and password comprises of at least 8 characters and Use a combination of upper and lowercase letters, numbers and symbols to create the username and password. Give admin rights to this new user. Now log out of your Admin Panel and login as the new user. Go to user section and delete the old user. However, make sure that you remember your new login details. Also avoid passwords like password and 12345.
- Themes : Use the Free Themes hosted by Wordpress or Premium themes from reputed Theme makers like Catch Themes or Woo Themes. Delete the unused themes from the Theme area.
- Add Wordpress Security Plugins: Wordpress Security Plugins can add an extra layer of protection to your Sites. Some of the best plugins you can use to secure your sites are Bulletproof Security, Better WP Security, secure Wordpress, Sucuri Site check malware scanner, Wp security scan, Login lockdown, Ask Apache Password protect and WP- brute force. The Pro or Premium versions of these plugins offer better security from hackers, so I advise you to spend money on it. We spend so much money to protect our physical assets by investing on lockers, security personnel and security devices. Why not get the best protection for our virtual real estate? Just adding the plugins is not enough, activate them and configure them correctly. However, keep checking your sites as you make changes as some changes may break the site. It is advisable to install these plugins at the time of Wordpress installation itself. If it is an existing site, make sure you do a backup before configuring the plugins as some changes may not be compatible with your Wordpress theme, the plugins you use or your server configuration. Configuring the plugins is quite a tedious task. If you need assistance configuring, I would happily do it at a reasonable price.
- Change File Permissions: Use FileZilla FTP Software to access your site and change htaccess file, wp-blog-header.php, Wp-config.php and index.php file permission to 404. Also change wp-admin and wp-content to permission 705. However, make sure use refresh the site every time a change is made to ensure that it is not broken. Now Delete Readme.HTML from Public HTML folder. Next go to wp-Config folder and delete install.php and install-helper.php.
- Keep your Wordpress updated: Make sure you keep your Wordpress version, plugins and themes updated at all times. Also try to limit the number of plugins. Also make sure that you back up the site regularly so that you have the data to restore your site if needed. You may use WP Online Backup, Vault Press, Backup Buddy or WP DB Backup for this purpose.
Now that, you have done the above steps you are ahead of thousands of Wordpress users who do nothing to secure their sites. However, remember that your sites are still not 100% secured. You only have reduced the chances of your sites getting hacked.
Was this Hub helpful to you? Feel free to share your opinions by way of comments. Liked this Hub? Please feel free to share this hub link on social networking sites.
How to Secure your Wordpress Site for Free?
WordPress Security Threats and Tips by Dre Armeda of Sucuri
How to fix a Hacked Wordpress Site?
Will you spend money on the security of your Wordpress sites?
© 2013 Anamika S